The News: BMC announces new capabilities targeted at helping their clients to harden security, modernize application development, achieve greater visibility across the IBM Z platform, and promote an open and collaborative mainframe. Read the full release announcement here.
BMC Announces New Capabilities Aimed at Security, a Modern Development Experience and Promoting an Open, Collaborative Mainframe
Analyst Take: Almost exactly one year ago, BMC announced the closing on its acquisition of long term collaborator, Compuware. Announced today, BMC’s new capabilities are aimed at security, providing a modern development experience, and promoting an open and collaborative mainframe. BMC’s announcement includes a raft of new updates to core products.
Up until now, the combination of arguably the third and fourth largest mainframe software vendors saw the companies operate as separate entities. The messaging and tone of this release appears to indicate a move away from this approach, with a more holistic BMC branded approach being prevalent.
In this announcement, BMC is describing a quarterly release schedule of major updates to BMC products and former Compuware titles. Prior to the acquisition, Compuware CEO Chris O’Malley trumpeted the quarterly update cycle of the company’s core product lines and used this approach to preach about innovation and position the release schedule as a key differentiator in the mainframe marketplace. From looking at social media channels, the once vociferous O’Malley has been quiet of late, but it appears that BMC is adopting the same approach by releasing quarterly updates. I am both heartened to see BMC adopt this quarterly release schedule and see a toning down of the rhetoric in how it positions the announcement schedule.
A Deeper Look at the BMC Platform: Why This Focus on Protecting From Malicious Insider Threats is Not Surprising
For those less familiar with the mainframe, the one thing you would probably associate the BMC platform with would be its reputation for security. However, while the BMC platform can claim to be the most securable hardware platform on the market, this reputation for security still requires effort. With the recent SolarWinds and REvil attacks making front page news and impacting hundreds of clients globally the focus on security in these announcements is not surprising. The focus here, however, is not supply-chain security, but rather protecting the platform from malicious insider threats.
With mainframes being hidden deep within DMZs, often furthest away from the internet, the fastest route to mainframe data is through privileged accounts, where system programmers have elevated access rights and DBAs hold credentialed access to core activities. Compromising the accounts of trusted employees is a proven hacker methodology. These accounts can be compromised by external attackers targeting these superusers or malicious internal users, who can then perform nefarious actions such as accessing data, downloading it and then either selling it or dumping it onto the dark web. Even worse, this attack surface is costlier and more difficult to detect and trace, particularly because many organizations rely on manual workflows to monitor privileged activity. Given the recent rise in ransomware attacks, these highly credentialed user accounts are a perfect attack surface for attackers to deploy ransomware, avoid detection, and increase their dwell time on systems.
Of course, I will need to get closer to the offering and then fully digest the functionality, but BMC’s new and expanded supervisor call screener and Unix System Service (USS) data enrichment functionality, appears to be a much needed step in the right direction for mainframe shops looking to harden their security posture.
The newly announced options within BMC AMI Security employ automated detection and response to enhance protection against attacks from privileged accounts. This new functionality detects unusual privileged user activity in real time and automatically responds, shutting down these vulnerabilities and locking potentially compromised accounts until security teams can investigate and resolve these potential threats. This real-time detection and improved visibility provides an extra level of protection against the compromise of privileged user accounts, allowing BMC mainframe customers to uncover weaknesses and malicious activity and apply remediation before a compromise can occur.
BMC’s Focus on Developer Agility and Faster Application Updates
Another key announcement made today is BMC’s continued focus on accelerating development team output with new integrations that simplify continuous integration (CI) and continuous delivery (CD) pipelines, as well as orchestrate automated deployments across multiple platforms. The BMC Compuware ISPW solution now integrates with GitHub Actions and HCL Launch to further automate the mainframe application development and deployment process, reducing cost and complexity. I believe that these integrations will prove to be key for positioning the mainframe as a first-tier platform in the minds of developers and be key to removing toolchain bias that exists in the minds of developers when they consider the merits of the mainframe platform.
BMC is announcing integrations with GitHub Actions and HCL Launch to extend the existing built-in CI/CD integrations, which include Jenkins, Git, GitLab, GitHub, VS Code, and REST APIs. The focus here by BMC enables users to reduce errors and improve application quality by setting up CI/CD pipelines with automated workflows. With CI/CD pipelines becoming a focus attack surface for hackers, any improvements in error reduction and quality is a key area for improvement, not only for productivity but also for improved security posture. “Clients rely on BMC to support their mainframe transformation. We prevent insider threats to the mainframe, increase software delivery, quality, velocity, and efficiency, and strengthen operational resilience,” said John McKenny, Senior Vice President and General Manager, Intelligent Z Optimization and Transformation at BMC.
Commenting on the announcement April Hickel, Vice President, Intelligent Z Strategy at BMC Software in an accompanying blog stated, “Providing a modern development experience is key to attracting and retaining this talent. Developers today can choose from a wide variety of platforms and languages on which to base their careers. To attract talented, dedicated workers, employers can’t provide developers with a niche, specialized experience that’s unique to the mainframe.”
The Open Mainframe
Based on a cursory glance, the Linux Foundation appears to be a strange place to find the mainframe platform. However, the Foundation has had a collaborative project focused on making the mainframe platform more open since 2015, called the Open Mainframe Project. BMC recently launched this Linux Foundation project as a non-voting silver member with a view to becoming more active in the flagship code base efforts, Zowe.
The newly announced Workflow WiZard tool has been accepted as part of Zowe. Originally designed to facilitate the creation of workflows during mainframe software installation and configuration, BMC’s contribution to the Zowe open source software framework, allows software developers to more easily build workflows for z/OSMF. Workflow WiZard provides an integrated and extensible open source framework for the main mainframe IBM sourced operating system, z/OS. This contribution is a key indicator of BMCs commitment to the Open Mainframe Project and provides an opportunity to collaborate with the mainframe community and increase innovation on the z/OS platform.
I believe that if the mainframe is going to continue to survive and thrive, a vibrant ecosystem is essential. Vendors need to communicate in the open, share ideas on innovation, and collaborate with the mainframe customer base to crowd source development and move away from proprietary models. I continue to see a more bullish outlook for open source on the mainframe platform and I believe that an open source approach and collaboration between vendors, customers, developers, and academic institutions in the mainframe community will lead to greater innovation and transformation, enabling the platform to continue providing a robust system of record for new and existing mainframe shops.
Mainframe transformation is a key part of many clients’ overall digital transformation journeys and continuous innovation is a foundational requirement if mainframes are to continue with their role in providing systems of record for many of the world’s largest organizations and government institutions. Emerging market demands will require new services which require new applications, and mainframe integrations, leading to adjustments in workflow, capacity, and security strategy. BMC committing to a future release schedule into the future and demonstrating commitment to the Compuware toolsets and client base bodes well for BMC in the quarters ahead.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.